Test Your Environment to Prevent Security Incidents

During these assessments, CDW’s penetration testers play the role of real-world attackers by targeting your critical information assets. While some vendors rely primarily on automated vulnerability scanning, CDW’s expert team also incorporates their comprehensive understanding of business networks and systems during their manual testing to provide a more holistic testing approach. 

Application penetration testing from CDW can identify and help you understand your risk of exposure in your applications. Our assessments leverage dynamic application security testing (DAST) and/or static application security testing (SAST) methodologies to uncover security vulnerabilities in your applications. These assessments will help you to better understand your security posture and test your readiness to withstand and respond to real-world cyberattacks.

The manual-based approach by our knowledgeable professionals can help protect your sensitive information and assets by:

• Working with our team to develop a custom scope that takes into account the security needs and requirements of your organization
• Identifying critical application weaknesses through an in-depth, manual-based testing methodology
• Demonstrate how vulnerabilities would be exploited by actual threat actors to compromise asset and user security
• Provide recommendations regarding remediation strategies and timelines, allowing your organization to focus on the most critical risks first

CDW’s application penetration testing services consist of:

• Web applications
• Application Programming Interface (API) endpoints
• Mobile applications – iOS and Android
• Thick client applications
• Secure source code review

CDW’s penetration testing team will simulate the techniques and tradecraft of real-world cyber attackers that relate directly to the client's environment and assessment concerns.  CDW’s adversarial simulation includes:

Scenario-Based Test:

• A time-boxed assessment emulating a real-world threat actor
• Highlights both risks and impacts associated with a specific breach scenario, typically involving internal client networks
• Includes testing security controls and resiliency using a mutually agreed-upon scenario(s)

Purple Team Assessment:

• An overt assessment that integrates friendly (“blue team”) exercises with an adversarial (“red team”) approach
• One CDW team focuses on the simulated attack, while another provides the client’s SOC with a comprehensive view of the unfolding incident
• This dual perspective provides valuable insights into an organization’s threat landscape, security controls, as well as the ability to detect and respond to threat actors
• Maps adversarial activities to MITRE ATT&CK techniques to evaluate coverage

Red Team Assessment:

• A covert assessment to test user security awareness, incident response procedures and technical controls of the organization’s security program
• Simulating a real-world threat actor, this assessment identifies previously overlooked or unknown avenues of attack that may be exploited to gain access to systems, networks or applications
• May include attempts to penetrate the external network perimeter, establish a foothold in the internal environment and accomplish specific attack objectives that are mutually pre-defined with your organization
• Maps adversarial attack path to MITRE ATT&CK techniques

Performing a social engineering assessment will help understand how effective security awareness training and procedures are in preventing threat actors from getting valuable corporate information directly from your employees.

CDW’s social engineering services consist of:

• E-mail based phishing – persuade users to click links, submit credentials or execute a malicious payload
• Phone-based attacks (“Vishing and SMShing”) – persuade users to divulge information or perform an action that could be leveraged to gain access to an organization
• On-Site Physical Social Engineering  – assesses the effectiveness of physical security controls, employee awareness and training
• Open-Source Intelligence (OSINT) Gathering – identify what information is publicly available which can be leveraged to conduct a targeted attack against the organization

CDW’s targeted attack penetration test focuses on evaluating and exploiting common attack paths found in your environment. Our security team will work to explore your potential risk exposure and provide recommendations on how to remediate the findings identified during the test. Evaluating your organization’s defences against common tactics will enable you to meaningfully improve your organization’s security posture, and help you prepare for future security events.

Targeted Attack Penetration Test Overview (PDF)